memflow-py
memflow-py copied to clipboard
memflow
Python support for memflow
Hello! I am trying to write out the memory of drivers from my windows vm. When reading I get an Overflow error on wimmount.sys driver. I am unsure how to...
There is a [newer version of memflow](https://github.com/memflow/memflow/tree/next), with some features which would be nice to have. I would be happy to implement some of them as well.
The ideal place to add this documentation would be within the typing file, [here](https://github.com/dankope/memflow-py/blob/master/python/memflow/memflow.pyi).
```py class SizedStruct(Structure): _size_ = 0x4 _fields_ = [("len", c_int16)] ``` `_size_` will bound `_fields_` & `_offsets_` to be at most, >= `_size_`, while also ensuring that the structures size...
In many cases when you read a value you intend to write it back at the same address, the preferred way would be to store the address inside the returned...
https://docs.python.org/3/library/ctypes.html#ctypes.c_char_p https://docs.python.org/3/library/ctypes.html#ctypes.c_wchar_p memflow already supports [reading null terminated strings](https://github.com/memflow/memflow/blob/main/memflow/src/mem/memory_view/mod.rs#L412). Only on UTF-8 encoded strings, however. We will need our own for `c_wchar_p`.
Not something that will exist within `memflow-py` however it would be a great addition to have a tool be able to convert a c structure into a ctypes structure. Something...
https://docs.python.org/3/library/ctypes.html#structure-union-alignment-and-byte-order
Currently `POINTER` class types (see [ctypes doc](https://docs.python.org/3/library/ctypes.html#ctypes.POINTER)) are not supported. To allow these to be supported we need the following: - A way to specify the "default" pointer width within...